Catalyst 3560V2-48TS Switch

Cisco Catalyst 3560V2-48TS Switch, Catalyst 3560 Series Switches, Catalyst 3560V2-24DC Switch, Catalyst 3560V2-24PS Switch, Catalyst 3560V2-24TS Switch, Catalyst 3560V2-48PS Switch Configuration Guide

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Catalyst 3560 Switch Software
Configuration Guide
Cisco IOS Release 12.2(44)SE
January 2008
Text Part Number: OL-8553-05
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of
Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo,
Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step,
Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study,
LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way
to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0711R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Catalyst 3560 Switch Software Configuration Guide
© 2006-2008 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface xliii
Audience xliii
Purpose xliii
Conventions xliv
Related Publications xliv
Obtaining Documentation, Obtaining Support, and Security Guidelines xlvi
CHAPTER 1 Overview 1-1
Features 1-1
Ease-of-Deployment and Ease-of-Use Features 1-2
Performance Features 1-3
Management Options 1-5
Manageability Features 1-5
Availability and Redundancy Features 1-7
VLAN Features 1-8
Security Features 1-8
QoS and CoS Features 1-10
Layer 3 Features 1-12
Power over Ethernet Features 1-13
Monitoring Features 1-13
Default Settings After Initial Switch Configuration 1-14
Network Configuration Examples 1-17
Design Concepts for Using the Switch 1-17
Small to Medium-Sized Network Using Catalyst 3560 Switches 1-20
Large Network Using Catalyst 3560 Switches 1-22
Long-Distance, High-Bandwidth Transport Configuration 1-23
Where to Go Next 1-24
CHAPTER 2 Using the Command-Line Interface 2-1
Understanding Command Modes 2-1
Understanding the Help System 2-3
Understanding Abbreviated Commands 2-4
Understanding no and default Forms of Commands 2-4
Understanding CLI Error Messages 2-5
Using Configuration Logging 2-5
Using Command History 2-6
Changing the Command History Buffer Size 2-6
Recalling Commands 2-6
Disabling the Command History Feature 2-7
Using Editing Features 2-7
Enabling and Disabling Editing Features 2-7
Editing Commands through Keystrokes 2-7
Editing Command Lines that Wrap 2-9
Searching and Filtering Output of show and more Commands 2-10
Accessing the CLI 2-10
Accessing the CLI through a Console Connection or through Telnet 2-10
CHAPTER 3 Assigning the Switch IP Address and Default Gateway 3-1
Understanding the Boot Process 3-1
Assigning Switch Information 3-2
Default Switch Information 3-3
Understanding DHCP-Based Autoconfiguration 3-3
DHCP Client Request Process 3-4
Understanding DHCP-based Autoconfiguration and Image Update 3-5
DHCP Autoconfiguration 3-5
DHCP Auto-Image Update 3-5
Limitations and Restrictions 3-5
Configuring DHCP-Based Autoconfiguration 3-6
DHCP Server Configuration Guidelines 3-6
Configuring the TFTP Server 3-7
Configuring the DNS 3-7
Configuring the Relay Device 3-8
Obtaining Configuration Files 3-8
Example Configuration 3-9
Configuring the DHCP Auto Configuration and Image Update Features 3-11
Configuring DHCP Autoconfiguration (Only Configuration File) 3-11
Configuring DHCP Auto-Image Update (Configuration File and Image) 3-12
Configuring the Client 3-13
Manually Assigning IP Information 3-14
Checking and Saving the Running Configuration 3-15
Modifying the Startup Configuration 3-16
Default Boot Configuration 3-16
Automatically Downloading a Configuration File 3-16
Specifying the Filename to Read and Write the System Configuration 3-16
Booting Manually 3-17
Booting a Specific Software Image 3-18
Controlling Environment Variables 3-18
Scheduling a Reload of the Software Image 3-20
Configuring a Scheduled Reload 3-20
Displaying Scheduled Reload Information 3-21
CHAPTER 4 Configuring Cisco IOS CNS Agents 4-1
Understanding Cisco Configuration Engine Software 4-1
Configuration Service 4-2
Event Service 4-3
NameSpace Mapper 4-3
What You Should Know About the CNS IDs and Device Hostnames 4-3
ConfigID 4-3
DeviceID 4-4
Hostname and DeviceID 4-4
Using Hostname, DeviceID, and ConfigID 4-4
Understanding Cisco IOS Agents 4-5
Initial Configuration 4-5
Incremental (Partial) Configuration 4-6
Synchronized Configuration 4-6
Configuring Cisco IOS Agents 4-6
Enabling Automated CNS Configuration 4-6
Enabling the CNS Event Agent 4-8
Enabling the Cisco IOS CNS Agent 4-9
Enabling an Initial Configuration 4-9
Enabling a Partial Configuration 4-13
Displaying CNS Configuration 4-14
CHAPTER 5 Clustering Switches 5-1
Understanding Switch Clusters 5-1
Cluster Command Switch Characteristics 5-3
Standby Cluster Command Switch Characteristics 5-3
Candidate Switch and Cluster Member Switch Characteristics 5-3
Planning a Switch Cluster 5-4
Automatic Discovery of Cluster Candidates and Members 5-4
Discovery Through CDP Hops 5-5
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 5-6
Discovery Through Different VLANs 5-6
Discovery Through Different Management VLANs 5-7
Discovery Through Routed Ports 5-8
Discovery of Newly Installed Switches 5-9
HSRP and Standby Cluster Command Switches 5-10
Virtual IP Addresses 5-11
Other Considerations for Cluster Standby Groups 5-11
Automatic Recovery of Cluster Configuration 5-12
IP Addresses 5-13
Hostnames 5-13
Passwords 5-13
SNMP Community Strings 5-14
TACACS+ and RADIUS 5-14
LRE Profiles 5-14
Using the CLI to Manage Switch Clusters 5-15
Catalyst 1900 and Catalyst 2820 CLI Considerations 5-15
Using SNMP to Manage Switch Clusters 5-15
CHAPTER 6 Administering the Switch 6-1
Managing the System Time and Date 6-1
Understanding the System Clock 6-1
Understanding Network Time Protocol 6-2
Configuring NTP 6-3
Default NTP Configuration 6-4
Configuring NTP Authentication 6-4
Configuring NTP Associations 6-5
Configuring NTP Broadcast Service 6-6
Configuring NTP Access Restrictions 6-8
Configuring the Source IP Address for NTP Packets 6-10
Displaying the NTP Configuration 6-11
Configuring Time and Date Manually 6-11
Setting the System Clock 6-11
Displaying the Time and Date Configuration 6-12
Configuring the Time Zone 6-12
Configuring Summer Time (Daylight Saving Time) 6-13
Configuring a System Name and Prompt 6-14
Default System Name and Prompt Configuration 6-15
Configuring a System Name 6-15
Understanding DNS 6-15
Default DNS Configuration 6-16
Setting Up DNS 6-16
Displaying the DNS Configuration 6-17
Creating a Banner 6-17
Default Banner Configuration 6-17
Configuring a Message-of-the-Day Login Banner 6-18
Configuring a Login Banner 6-19
Managing the MAC Address Table 6-19
Building the Address Table 6-20
MAC Addresses and VLANs 6-20
Default MAC Address Table Configuration 6-21
Changing the Address Aging Time 6-21
Removing Dynamic Address Entries 6-22
Configuring MAC Address Notification Traps 6-22
Adding and Removing Static Address Entries 6-24
Configuring Unicast MAC Address Filtering 6-25
Displaying Address Table Entries 6-26
Managing the ARP Table 6-26
CHAPTER 7 Configuring SDM Templates 7-1
Understanding the SDM Templates 7-1
Dual IPv4 and IPv6 SDM Templates 7-2
Configuring the Switch SDM Template 7-3
Default SDM Template 7-3
SDM Template Configuration Guidelines 7-4
Setting the SDM Template 7-4
Displaying the SDM Templates 7-5
CHAPTER 8 Configuring Switch-Based Authentication 8-1
Preventing Unauthorized Access to Your Switch 8-1
Protecting Access to Privileged EXEC Commands 8-2
Default Password and Privilege Level Configuration 8-2
Setting or Changing a Static Enable Password 8-3
Protecting Enable and Enable Secret Passwords with Encryption 8-3
Disabling Password Recovery 8-5
Setting a Telnet Password for a Terminal Line 8-6
Configuring Username and Password Pairs 8-6
Configuring Multiple Privilege Levels 8-7
Setting the Privilege Level for a Command 8-8
Changing the Default Privilege Level for Lines 8-9
Logging into and Exiting a Privilege Level 8-9
Controlling Switch Access with TACACS+ 8-10
Understanding TACACS+ 8-10
TACACS+ Operation 8-12
Configuring TACACS+ 8-12
Default TACACS+ Configuration 8-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13
Configuring TACACS+ Login Authentication 8-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16
Starting TACACS+ Accounting 8-17
Displaying the TACACS+ Configuration 8-17
Controlling Switch Access with RADIUS 8-17
Understanding RADIUS 8-18
RADIUS Operation 8-19
Configuring RADIUS 8-19
Default RADIUS Configuration 8-20
Identifying the RADIUS Server Host 8-20
Configuring RADIUS Login Authentication 8-23
Defining AAA Server Groups 8-25
Configuring RADIUS Authorization for User Privileged Access and Network Services 8-27
Starting RADIUS Accounting 8-28
Configuring Settings for All RADIUS Servers 8-29
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-29
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-31
Displaying the RADIUS Configuration 8-31
Controlling Switch Access with Kerberos 8-32
Understanding Kerberos 8-32
Kerberos Operation 8-34
Authenticating to a Boundary Switch 8-34
Obtaining a TGT from a KDC 8-35
Authenticating to Network Services 8-35
Configuring Kerberos 8-35
Configuring the Switch for Local Authentication and Authorization 8-36
Configuring the Switch for Secure Shell 8-37
Understanding SSH 8-38
SSH Servers, Integrated Clients, and Supported Versions 8-38
Limitations 8-39
Configuring SSH 8-39
Configuration Guidelines 8-39
Setting Up the Switch to Run SSH 8-39
Configuring the SSH Server 8-41
Displaying the SSH Configuration and Status 8-42
Configuring the Switch for Secure Socket Layer HTTP 8-42
Understanding Secure HTTP Servers and Clients 8-42
Certificate Authority Trustpoints 8-43
CipherSuites 8-44
Configuring Secure HTTP Servers and Clients 8-45
Default SSL Configuration 8-45
SSL Configuration Guidelines 8-45
Configuring a CA Trustpoint 8-45
Configuring the Secure HTTP Server 8-46
Configuring the Secure HTTP Client 8-48
Displaying Secure HTTP Server and Client Status 8-48
Configuring the Switch for Secure Copy Protocol 8-49
Information About Secure Copy 8-49
CHAPTER 9 Configuring IEEE 802.1x Port-Based Authentication 9-1
Understanding IEEE 802.1x Port-Based Authentication 9-1
Device Roles 9-2
Authentication Process 9-3
Authentication Initiation and Message Exchange 9-5
Ports in Authorized and Unauthorized States 9-7
IEEE 802.1x Host Mode 9-7
IEEE 802.1x Accounting 9-8
IEEE 802.1x Accounting Attribute-Value Pairs 9-8
Using 802.1x Readiness Check 9-10
Using IEEE 802.1x Authentication with VLAN Assignment 9-10
Using IEEE 802.1x Authentication with Per-User ACLs 9-11
Using IEEE 802.1x Authentication with Guest VLAN 9-12
Using IEEE 802.1x Authentication with Restricted VLAN 9-13
Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass 9-14
Using IEEE 802.1x Authentication with Voice VLAN Ports 9-15
Using IEEE 802.1x Authentication with Port Security 9-16
Using IEEE 802.1x Authentication with Wake-on-LAN 9-17
Using IEEE 802.1x Authentication with MAC Authentication Bypass 9-17
Using Network Admission Control Layer 2 IEEE 802.1x Validation 9-19
Using Multidomain Authentication 9-19
Using Web Authentication 9-20
Web Authentication with Automatic MAC Check 9-21
Configuring IEEE 802.1x Authentication 9-21
Default IEEE 802.1x Authentication Configuration 9-22
IEEE 802.1x Authentication Configuration Guidelines 9-23
IEEE 802.1x Authentication 9-23
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass 9-25
MAC Authentication Bypass 9-25
Upgrading from a Previous Software Release 9-26
Configuring 802.1x Readiness Check 9-26
Configuring IEEE 802.1x Authentication 9-27
Configuring the Switch-to-RADIUS-Server Communication 9-28
Configuring the Host Mode 9-30
Configuring Periodic Re-Authentication 9-31
Manually Re-Authenticating a Client Connected to a Port 9-31
Changing the Quiet Period 9-32
Changing the Switch-to-Client Retransmission Time 9-32
Setting the Switch-to-Client Frame-Retransmission Number 9-33
Setting the Re-Authentication Number 9-33
Configuring IEEE 802.1x Accounting 9-34
Configuring a Guest VLAN 9-35
Configuring a Restricted VLAN 9-36
Configuring the Inaccessible Authentication Bypass Feature 9-38
Configuring IEEE 802.1x Authentication with WoL 9-40
Configuring MAC Authentication Bypass 9-41
Configuring NAC Layer 2 IEEE 802.1x Validation 9-42
Configuring Web Authentication 9-43
Disabling IEEE 802.1x Authentication on the Port 9-45
Resetting the IEEE 802.1x Authentication Configuration to the Default Values 9-46
Displaying IEEE 802.1x Statistics and Status 9-46
CHAPTER 10 Configuring Interface Characteristics 10-1
Understanding Interface Types 10-1
Port-Based VLANs 10-2
Switch Ports 10-2
Access Ports 10-3
Trunk Ports 10-3
Tunnel Ports 10-3
Routed Ports 10-4
Switch Virtual Interfaces 10-4
EtherChannel Port Groups 10-5
Dual-Purpose Uplink Ports 10-6
Power over Ethernet Ports 10-6
Supported Protocols and Standards 10-6
Powered-Device Detection and Initial Power Allocation 10-7
Power Management Modes 10-8
Connecting Interfaces 10-9
Using Interface Configuration Mode 10-10
Procedures for Configuring Interfaces 10-10
Configuring a Range of Interfaces 10-11
Configuring and Using Interface Range Macros 10-12
Configuring Ethernet Interfaces 10-14
Default Ethernet Interface Configuration 10-14
Setting the Type of a Dual-Purpose Uplink Port 10-16
Configuring Interface Speed and Duplex Mode 10-17
Speed and Duplex Configuration Guidelines 10-17
Setting the Interface Speed and Duplex Parameters 10-18
Configuring IEEE 802.3x Flow Control 10-19
Configuring Auto-MDIX on an Interface 10-20
Configuring a Power Management Mode on a PoE Port 10-21
Budgeting Power for Devices Connected to a PoE Port 10-22
Adding a Description for an Interface 10-24
Configuring Layer 3 Interfaces 10-25
Configuring the System MTU 10-26
Monitoring and Maintaining the Interfaces 10-28
Monitoring Interface Status 10-28
Clearing and Resetting Interfaces and Counters 10-29
Shutting Down and Restarting the Interface 10-29
CHAPTER 11 Configuring Smartports Macros 11-1
Understanding Smartports Macros 11-1
Configuring Smartports Macros 11-2
Default Smartports Macro Configuration 11-2
Smartports Macro Configuration Guidelines 11-2
Creating Smartports Macros 11-4
Applying Smartports Macros 11-5
Applying Cisco-Default Smartports Macros 11-6
Displaying Smartports Macros 11-8
CHAPTER 12 Configuring VLANs 12-1
Understanding VLANs 12-1
Supported VLANs 12-2
VLAN Port Membership Modes 12-3
Configuring Normal-Range VLANs 12-4
Token Ring VLANs 12-6
Normal-Range VLAN Configuration Guidelines 12-6
VLAN Configuration Mode Options 12-7
VLAN Configuration in config-vlan Mode 12-7
VLAN Configuration in VLAN Database Configuration Mode 12-7
Saving VLAN Configuration 12-7
Default Ethernet VLAN Configuration 12-8
Creating or Modifying an Ethernet VLAN 12-9
Deleting a VLAN 12-10
Assigning Static-Access Ports to a VLAN 12-11
Configuring Extended-Range VLANs 12-12
Default VLAN Configuration 12-12
Extended-Range VLAN Configuration Guidelines 12-13
Creating an Extended-Range VLAN 12-13
Creating an Extended-Range VLAN with an Internal VLAN ID 12-15
Displaying VLANs 12-16
Configuring VLAN Trunks 12-16
Trunking Overview 12-16
Encapsulation Types 12-18
IEEE 802.1Q Configuration Considerations 12-19
Default Layer 2 Ethernet Interface VLAN Configuration 12-19
Configuring an Ethernet Interface as a Trunk Port 12-19
Interaction with Other Features 12-20
Configuring a Trunk Port 12-20
Defining the Allowed VLANs on a Trunk 12-21
Changing the Pruning-Eligible List 12-22
Configuring the Native VLAN for Untagged Traffic 12-23
Configuring Trunk Ports for Load Sharing 12-24
Load Sharing Using STP Port Priorities 12-24
Load Sharing Using STP Path Cost 12-26
Configuring VMPS 12-27
Understanding VMPS 12-28
Dynamic-Access Port VLAN Membership 12-28
Default VMPS Client Configuration 12-29
VMPS Configuration Guidelines 12-29
Configuring the VMPS Client 12-30
Entering the IP Address of the VMPS 12-30
Configuring Dynamic-Access Ports on VMPS Clients 12-30
Reconfirming VLAN Memberships 12-31
Changing the Reconfirmation Interval 12-31
Changing the Retry Count 12-32
Monitoring the VMPS 12-32
Troubleshooting Dynamic-Access Port VLAN Membership 12-33
VMPS Configuration Example 12-33
CHAPTER 13 Configuring VTP 13-1
Understanding VTP 13-1
The VTP Domain 13-2
VTP Modes 13-3
VTP Advertisements 13-3
VTP Version 2 13-4
VTP Pruning 13-4
Configuring VTP 13-6
Default VTP Configuration 13-6
VTP Configuration Options 13-7
VTP Configuration in Global Configuration Mode 13-7
VTP Configuration in VLAN Database Configuration Mode 13-7
VTP Configuration Guidelines 13-8
Domain Names 13-8
Passwords 13-8
VTP Version 13-8
Configuration Requirements 13-9
Configuring a VTP Server 13-9
Configuring a VTP Client 13-11
Disabling VTP (VTP Transparent Mode) 13-12
Enabling VTP Version 2 13-13
Enabling VTP Pruning 13-14
Adding a VTP Client Switch to a VTP Domain 13-14
Monitoring VTP 13-16
CHAPTER 14 Configuring Voice VLAN 15-1
Understanding Voice VLAN 15-1
Cisco IP Phone Voice Traffic 15-2
Cisco IP Phone Data Traffic 15-2
Configuring Voice VLAN 15-3
Default Voice VLAN Configuration 15-3
Voice VLAN Configuration Guidelines 15-3
Configuring a Port Connected to a Cisco 7960 IP Phone 15-4
Configuring Cisco IP Phone Voice Traffic 15-5
Configuring the Priority of Incoming Data Frames 15-6
Displaying Voice VLAN 15-7
CHAPTER 15 Configuring Private VLANs 14-1
Understanding Private VLANs 14-1
IP Addressing Scheme with Private VLANs 14-3
Private VLANs across Multiple Switches 14-4
Private-VLAN Interaction with Other Features 14-4
Private VLANs and Unicast, Broadcast, and Multicast Traffic 14-5
Private VLANs and SVIs 14-5
Configuring Private VLANs 14-5
Tasks for Configuring Private VLANs 14-6
Default Private-VLAN Configuration 14-6
Private-VLAN Configuration Guidelines 14-6
Secondary and Primary VLAN Configuration 14-6
Private-VLAN Port Configuration 14-8
Limitations with Other Features 14-8
Configuring and Associating VLANs in a Private VLAN 14-9
Configuring a Layer 2 Interface as a Private-VLAN Host Port 14-11
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 14-12
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 14-13
Monitoring Private VLANs 14-14
CHAPTER 16 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling 16-1
Understanding IEEE 802.1Q Tunneling 16-1
Configuring IEEE 802.1Q Tunneling 16-4
Default IEEE 802.1Q Tunneling Configuration 16-4
IEEE 802.1Q Tunneling Configuration Guidelines 16-4
Native VLANs 16-4
System MTU 16-5
IEEE 802.1Q Tunneling and Other Features 16-6
Configuring an IEEE 802.1Q Tunneling Port 16-6
Understanding Layer 2 Protocol Tunneling 16-7
Configuring Layer 2 Protocol Tunneling 16-10
Default Layer 2 Protocol Tunneling Configuration 16-11
Layer 2 Protocol Tunneling Configuration Guidelines 16-12
Configuring Layer 2 Protocol Tunneling 16-13
Configuring Layer 2 Tunneling for EtherChannels 16-14
Configuring the SP Edge Switch 16-14
Configuring the Customer Switch 16-16
Monitoring and Maintaining Tunneling Status 16-18
CHAPTER 17 Configuring STP 17-1
Understanding Spanning-Tree Features 17-1
STP Overview 17-2
Spanning-Tree Topology and BPDUs 17-3
Bridge ID, Switch Priority, and Extended System ID 17-4
Spanning-Tree Interface States 17-4
Blocking State 17-6
Listening State 17-6
Learning State 17-6
Forwarding State 17-6
Disabled State 17-7
How a Switch or Port Becomes the Root Switch or Root Port 17-7
Spanning Tree and Redundant Connectivity 17-8
Spanning-Tree Address Management 17-8
Accelerated Aging to Retain Connectivity 17-8
Spanning-Tree Modes and Protocols 17-9
Supported Spanning-Tree Instances 17-9
Spanning-Tree Interoperability and Backward Compatibility 17-10
STP and IEEE 802.1Q Trunks 17-10
VLAN-Bridge Spanning Tree 17-10
Configuring Spanning-Tree Features 17-11
Default Spanning-Tree Configuration 17-11
Spanning-Tree Configuration Guidelines 17-12
Changing the Spanning-Tree Mode 17-13
Disabling Spanning Tree 17-14
Configuring the Root Switch 17-14
Configuring a Secondary Root Switch 17-16
Configuring Port Priority 17-17
Configuring Path Cost 17-18
Configuring the Switch Priority of a VLAN 17-19
Configuring Spanning-Tree Timers 17-20
Configuring the Hello Time 17-20
Configuring the Forwarding-Delay Time for a VLAN 17-21
Configuring the Maximum-Aging Time for a VLAN 17-21
Configuring the Transmit Hold-Count 17-22
Displaying the Spanning-Tree Status 17-22
CHAPTER 18 Configuring MSTP 18-1
Understanding MSTP 18-2
Multiple Spanning-Tree Regions 18-2
IST, CIST, and CST 18-3
Operations Within an MST Region 18-3
Operations Between MST Regions 18-4
IEEE 802.1s Terminology 18-5
Hop Count 18-5
Boundary Ports 18-6
IEEE 802.1s Implementation 18-6
Port Role Naming Change 18-7
Interoperation Between Legacy and Standard Switches 18-7
Detecting Unidirectional Link Failure 18-8
Interoperability with IEEE 802.1D STP 18-8
Understanding RSTP 18-8
Port Roles and the Active Topology 18-9
Rapid Convergence 18-10
Synchronization of Port Roles 18-11
Bridge Protocol Data Unit Format and Processing 18-12
Processing Superior BPDU Information 18-13
Processing Inferior BPDU Information 18-13
Topology Changes 18-13
Configuring MSTP Features 18-14
Default MSTP Configuration 18-14
MSTP Configuration Guidelines 18-15
Specifying the MST Region Configuration and Enabling MSTP 18-16
Configuring the Root Switch 18-17
Configuring a Secondary Root Switch 18-18
Configuring Port Priority 18-19
Configuring Path Cost 18-20
Configuring the Switch Priority 18-21
Configuring the Hello Time 18-22
Configuring the Forwarding-Delay Time 18-23
Configuring the Maximum-Aging Time 18-23
Configuring the Maximum-Hop Count 18-24
Specifying the Link Type to Ensure Rapid Transitions 18-24
Designating the Neighbor Type 18-25
Restarting the Protocol Migration Process 18-25
Displaying the MST Configuration and Status 18-26
CHAPTER 19 Configuring Optional Spanning-Tree Features 19-1
Understanding Optional Spanning-Tree Features 19-1
Understanding Port Fast 19-2
Understanding BPDU Guard 19-2
Understanding BPDU Filtering 19-3
Understanding UplinkFast 19-3
Understanding BackboneFast 19-5
Understanding EtherChannel Guard 19-7
Understanding Root Guard 19-8
Understanding Loop Guard 19-9
Configuring Optional Spanning-Tree Features 19-9
Default Optional Spanning-Tree Configuration 19-9
Optional Spanning-Tree Configuration Guidelines 19-10
Enabling Port Fast 19-10
Enabling BPDU Guard 19-11
Enabling BPDU Filtering 19-12
Enabling UplinkFast for Use with Redundant Links 19-13
Enabling BackboneFast 19-13
Enabling EtherChannel Guard 19-14
Enabling Root Guard 19-15
Enabling Loop Guard 19-15
Displaying the Spanning-Tree Status 19-16
CHAPTER 20 Configuring Flex Links and the MAC Address-Table Move Update Feature 20-1
Understanding Flex Links and the MAC Address-Table Move Update 20-1
Flex Links 20-1
VLAN Flex Link Load Balancing and Support 20-2
Flex Link Multicast Fast Convergence 20-3
Learning the Other Flex Link Port as the mrouter Port 20-3
Generating IGMP Reports 20-3
Leaking IGMP Reports 20-4
MAC Address-Table Move Update 20-6
Configuring Flex Links and the MAC Address-Table Move Update 20-7
Default Configuration 20-7
Configuration Guidelines 20-8
Configuring Flex Links 20-8
Configuring VLAN Load Balancing on Flex Links 20-10
Configuring the MAC Address-Table Move Update Feature 20-12
Monitoring Flex Links and the MAC Address-Table Move Update 20-14
CHAPTER 21 Configuring DHCP Features and IP Source Guard 21-1
Understanding DHCP Features 21-1
DHCP Server 21-2
DHCP Relay Agent 21-2
DHCP Snooping 21-2
Option-82 Data Insertion 21-3
Cisco IOS DHCP Server Database 21-6
DHCP Snooping Binding Database 21-7
Configuring DHCP Features 21-8
Default DHCP Configuration 21-8
DHCP Snooping Configuration Guidelines 21-9
Configuring the DHCP Server 21-10
Configuring the DHCP Relay Agent 21-10
Specifying the Packet Forwarding Address 21-11
Enabling DHCP Snooping and Option 82 21-12
Enabling DHCP Snooping on Private VLANs 21-13
Enabling the Cisco IOS DHCP Server Database 21-14
Enabling the DHCP Snooping Binding Database Agent 21-14
Displaying DHCP Snooping Information 21-15
Understanding IP Source Guard 21-15
Source IP Address Filtering 21-16
Source IP and MAC Address Filtering 21-16
Configuring IP Source Guard 21-16
Default IP Source Guard Configuration 21-16
IP Source Guard Configuration Guidelines 21-17
Enabling IP Source Guard 21-17
Displaying IP Source Guard Information 21-19
CHAPTER 22 Configuring Dynamic ARP Inspection 22-1
Understanding Dynamic ARP Inspection 22-1
Interface Trust States and Network Security 22-3
Rate Limiting of ARP Packets 22-4
Relative Priority of ARP ACLs and DHCP Snooping Entries 22-4
Logging of Dropped Packets 22-4
Configuring Dynamic ARP Inspection 22-5
Default Dynamic ARP Inspection Configuration 22-5
Dynamic ARP Inspection Configuration Guidelines 22-6
Configuring Dynamic ARP Inspection in DHCP Environments 22-7
Configuring ARP ACLs for Non-DHCP Environments 22-8
Limiting the Rate of Incoming ARP Packets 22-11
Performing Validation Checks 22-12
Configuring the Log Buffer 22-13
Displaying Dynamic ARP Inspection Information 22-15
CHAPTER 23 Configuring IGMP Snooping and MVR 23-1
Understanding IGMP Snooping 23-2
IGMP Versions 23-3
Joining a Multicast Group 23-3
Leaving a Multicast Group 23-5
Immediate Leave 23-5
IGMP Configurable-Leave Timer 23-6
IGMP Report Suppression 23-6
Configuring IGMP Snooping 23-7
Default IGMP Snooping Configuration 23-7
Enabling or Disabling IGMP Snooping 23-7
Setting the Snooping Method 23-8
Configuring a Multicast Router Port 23-9
Configuring a Host Statically to Join a Group 23-10
Enabling IGMP Immediate Leave 23-11
Configuring the IGMP Leave Timer 23-11
Configuring TCN-Related Commands 23-12
Controlling the Multicast Flooding Time After a TCN Event 23-12
Recovering from Flood Mode 23-13
Disabling Multicast Flooding During a TCN Event 23-13
Configuring the IGMP Snooping Querier 23-14
Disabling IGMP Report Suppression 23-15
Displaying IGMP Snooping Information 23-16
Understanding Multicast VLAN Registration 23-17
Using MVR in a Multicast Television Application 23-18
Configuring MVR 23-20
Default MVR Configuration 23-20
MVR Configuration Guidelines and Limitations 23-20
Configuring MVR Global Parameters 23-21
Configuring MVR Interfaces 23-22
Displaying MVR Information 23-24
Configuring IGMP Filtering and Throttling 23-24
Default IGMP Filtering and Throttling Configuration 23-25
Configuring IGMP Profiles 23-25
Applying IGMP Profiles 23-26
Setting the Maximum Number of IGMP Groups 23-27
Configuring the IGMP Throttling Action 23-28
Displaying IGMP Filtering and Throttling Configuration 23-29